F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)
Severity: Critical
Nessus Plugin ID: 79606
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. (CVE-2011-1071)
Solution: Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15885.